Jeremy C. Reed wrote:
>> Rules can be given an expiry (in seconds):
>>
>> block in from any to any port = 22 rule-ttl 10
>>
>> But displaying them with ipfstat is slightly different, e.g:
>> # ipfstat -i
>> block in from any to any port = 22 # rule-ttl 4191
>>
>> This prevents temporary rules from being loaded that match
>> already existing rules and also means you don't need to
>> worry about guessing the correct ttl to remove a rule.
>>
>
> Any more examples of this? It seems confusing to use the same "rule-ttl"
> for different purposes. And also how can you know how much time is left?
>
The number used when creating the rule is the number of seconds before deletion; the number displayed is currently the number of half-seconds until it is removed.

Darren
